<?php
namespace App\Http\Middleware;
use Closure;
use App\Models\AdminUser;
use App\Lottery\ErrorCode;
use App\Support\ApiResponse;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;
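/**
 * Admin RBAC: runs after {@see EnsureAdminApi} and checks a feature-permission slug such
 * as `prd.*` (delegating to {@see AdminUser::hasAdminPermission}).
 *
 * The route parameter accepts `slug` or `slug1|slug2`; holding any one of the listed
 * permissions is enough. An empty slug list is a route misconfiguration and is rejected
 * rather than treated as "no permission required", so the middleware never fails open.
 */
final class EnsureAdminPermission
{
    /**
     * Authorize the current admin against the permission slugs attached to the route.
     *
     * @param string $permissionSlugs one or more permission slugs separated by `|`
     *
     * @throws \InvalidArgumentException when $permissionSlugs contains no non-empty slug
     */
    public function handle(Request $request, Closure $next, string $permissionSlugs): Response
    {
        // Authentication first: the 401 must not depend on how the route was configured.
        $admin = $request->lotteryAdmin();
        if (! $admin instanceof AdminUser) {
            return ApiResponse::error(
                trans('admin.unauthenticated', [], $request->lotteryLocale()),
                ErrorCode::AdminUnauthenticated->value,
                null,
                401,
            );
        }

        // Throws on an empty list instead of silently letting the request through.
        $slugs = self::parseSlugs($permissionSlugs);

        // Any single matching permission grants access.
        foreach ($slugs as $slug) {
            if ($admin->hasAdminPermission($slug)) {
                return $next($request);
            }
        }

        // NOTE(review): the required slugs are echoed back to the (authenticated) caller;
        // confirm this is intended for the admin API before relying on it elsewhere.
        return ApiResponse::error(
            trans('admin.permission_denied', [], $request->lotteryLocale()),
            ErrorCode::AdminForbidden->value,
            ['required_any' => $slugs],
            403,
        );
    }

    /**
     * Split a `slug1|slug2` route parameter into a list of trimmed, non-empty slugs.
     *
     * Uses an explicit predicate rather than bare array_filter() so a slug that happens
     * to be the string "0" is not discarded as falsy.
     *
     * @return list<string>
     *
     * @throws \InvalidArgumentException when no slug remains after trimming
     */
    private static function parseSlugs(string $permissionSlugs): array
    {
        $slugs = array_values(array_filter(
            array_map(trim(...), explode('|', $permissionSlugs)),
            static fn (string $slug): bool => $slug !== '',
        ));

        if ($slugs === []) {
            throw new \InvalidArgumentException(
                'EnsureAdminPermission requires at least one permission slug; none given.',
            );
        }

        return $slugs;
    }
}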